Edinburgh Research Explorer

A Puff of Steem: Security Analysis of Decentralized ContentCurationCitation for published version:Kiayias, A, Livshits, B, Mosteiro, AM & Litos, OST 2019, A Puff of Steem: Security Analysis of DecentralizedContent Curation. in V Danos, M Herlihy, M Potop-Butucaru, J Prat & S Tucci-Piergiovanni (eds),International Conference on Blockchain Economics, Security and Protocols (Tokenomics 2019)., 3,OpenAccess Series in Informatics (OASIcs), vol. 71, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik,Germany, pp. 3:1-3:21, Tokenomics, International Conference on Blockchain Economics, Security andProtocols, Paris, France, 6/05/19. https://doi.org/10.4230/OASIcs.Tokenomics.2019.3

Digital Object Identifier (DOI):10.4230/OASIcs.Tokenomics.2019.3

Link:Link to publication record in Edinburgh Research Explorer

Document Version:Publisher's PDF, also known as Version of record

Published In:International Conference on Blockchain Economics, Security and Protocols (Tokenomics 2019)

General rightsCopyright for the publications made accessible via the Edinburgh Research Explorer is retained by the author(s)and / or other copyright owners and it is a condition of accessing these publications that users recognise andabide by the legal requirements associated with these rights.

Take down policyThe University of Edinburgh has made every reasonable effort to ensure that Edinburgh Research Explorercontent complies with UK legislation. If you believe that the public display of this file breaches copyright pleasecontact openaccess@ed.ac.uk providing details, and we will remove access to the work immediately andinvestigate your claim.

Download date: 14. Apr. 2021

A Puff of Steem: Security Analysis ofDecentralized Content CurationAggelos KiayiasUniversity of Edinburgh, United KingdomIOHK, Hong Kong

Benjamin LivshitsImperial College of London, United KingdomBrave Software, United Kingdom

Andrés Monteoliva MosteiroUniversity of Edinburgh, United KingdomClearmatics, London, United Kingdom

Orfeas Stefanos Thyfronitis Litos1

University of Edinburgh, United Kingdomo.thyfronitis@ed.ac.uk

AbstractDecentralized content curation is the process through which uploaded posts are ranked and filteredbased exclusively on users’ feedback. Platforms such as the blockchain-based Steemit2 employ thistype of curation while providing monetary incentives to promote the visibility of high quality postsaccording to the perception of the participants. Despite the wide adoption of the platform verylittle is known regarding its performance and resilience characteristics. In this work, we provide aformal model for decentralized content curation that identifies salient complexity and game-theoreticmeasures of performance and resilience to selfish participants. Armed with our model, we providea first analysis of Steemit identifying the conditions under which the system can be expected tocorrectly converge to curation while we demonstrate its susceptibility to selfish participant behaviour.We validate our theoretical results with system simulations in various scenarios.

2012 ACM Subject Classification Security and privacy → Distributed systems security

Keywords and phrases blockchain, content curation, decentralized, voting

Digital Object Identifier 10.4230/OASIcs.Tokenomics.2019.3

Related Version A full version of the paper is available at https://arxiv.org/abs/1810.01719.

1 Introduction

The modern Internet contains an immense amount of data; a single user can only consumea tiny fraction in a reasonable amount of time. Therefore, any widely used platform thathosts user-generated content (UGC) must employ a content curation mechanism. Contentcuration can be understood as the set of mechanisms which rank, aggregate and filter relevantinformation. In recent years, popular news aggregation sites like Reddit3 or Hacker News4have established crowdsourced curation as the primary way to filter content for their users.Crowdsourced content curation, as opposed to more traditional techniques such as expert- or

1 Contact author2 https://steemit.com/ Accessed: 2019-01-023 https://www.reddit.com/ Accessed: 2019-01-024 https://news.ycombinator.com/ Accessed: 2019-01-02

© Aggelos Kiayias, Benjamin Livshits, Andrés Monteoliva Mosteiro, and Orfeas Stefanos ThyfronitisLitos;licensed under Creative Commons License CC-BY

International Conference on Blockchain Economics, Security and Protocols (Tokenomics 2019).Editors: Vincent Danos, Maurice Herlihy, Maria Potop-Butucaru, Julien Prat, and Sara Tucci-Piergiovanni;Article No. 3; pp. 3:1–3:21

OpenAccess Series in InformaticsSchloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl Publishing, Germany

3:2 A Puff of Steem: Security Analysis of Decentralized Content Curation

algorithmic-based curation, orders and filters content based on the ratings and feedback ofthe users themselves, obviating the need for a central moderator by leveraging the “wisdomof the crowd” [3, 46].

The decentralized nature of crowdsourced curation makes it a suitable solution forranking user-generated content in blockchain-based content hosting systems. The aggregationand filtering of user-generated content emerges as a particularly challenging problem inpermissionless blockchains, as any solution that requires a concrete moderator implies thatthere exists a privileged party, which is incompatible with a permissionless blockchain.Moreover, public blockchains are easy targets for Sybil attacks [10], as any user can createnew accounts at any time for a marginal cost. Therefore, on-chain mechanisms to resist theeffect of Sybil users are necessary for a healthy and well-functioning platform; traditionalcounter-Sybil mechanisms [29] are much harder to apply in the case of blockchains due tothe decentralized nature of the latter. The functions performed by moderators in traditionalcontent platforms need to be replaced by incentive mechanisms that ensure self-regulation.Having the impact of a vote depend on the number of coins the voter holds is an intuitivelyappealing strategy to achieve a proper alignment of incentives for users in decentralizedcontent platforms; specifically, it can render Sybil attacks impossible.

However, the correct design of such systems is still an unsolved problem. Blockchainshave created a new economic paradigm where users are at the same time equity holders in thesystem, and leveraging this property in a robust manner constitutes an interesting challenge.A variety of projects have designed decentralized content curation systems [27, 42, 16].Nevertheless, a deep understanding of the properties of such systems is still lacking. Amongthem, Steemit has a long track record, having been in operation since 2016 and attaininga user base of more than 1.08 M5 registered accounts6. Steemit is a social media platformwhich lets users earn money (in the form of the STEEM cryptocurrency) by both creating andcurating content in the network. Steemit is the front-end of the social network, a graphicalweb interface which allows users to see the content of the platform. On the other hand, allthe back-end information is stored on a distributed ledger, the Steem blockchain. Steem canbe understood as an “app-chain”, a blockchain with a specific application purpose: servingas a distributed database for social media applications [42].

1.1 Our ContributionsIn this work we study the foundations of decentralized content curation from a computationalperspective. We develop an abstract model of a post-voting system which aims to sort theposts created by users in a distributed and crowdsourced manner. Our model is constitutedby a functionality which executes a protocol performed by N players. The model includes anhonest participant behaviour while it allows deviations to be modeled for a subset of theparticipants. The N players contribute votes in a round-based curation process. The impactof each vote depends on the number of coins held by the player. The posts are arranged ina list, sorted by the value of votes received, resembling the front-page model of Reddit orHacker News. In the model, players vote according to their subjective opinion on the qualityof the posts and have a limited attention span.

Following previous related work [14, 3], we represent each player’s opinion on each post(i.e. likability) with a numerical value l ∈ [0, 1]. The objective quality of a post is calculatedas the simple summation of all players’ likabilities for the post in question. To measure

5 https://steemdb.com/accounts Accessed: 2019-01-026 The number of accounts should not be understood as the number of active users, as one user can createmultiple accounts.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:3

the effectiveness of a post-voting system, we introduce the property of convergence underhonesty which is parameterised by a number of values including a metric t, that demands thefirst t articles to be ordered according to the objective quality of the posts at the end of theexecution assuming all participants signal honestly to the system their personal preferences.Armed with our post-voting system abstraction, we proceed to particularize it to modelSteemit and provide the following results.

(i) We characterise the conditions under which the Steemit algorithm converges underhonesty. Our results highlight some fundamental limitations of the actual Steemitparameterization. Specifically, for curated lists of length bigger than 70 the algorithmmay not achieve even 1-convergence.

(ii) We validate our results with a simulation testing different metrics based on correlationthat have been proposed in previous works [25, 37] and relating them to our notion ofconvergence.

(iii) We demonstrate that “selfish” deviation from honest behavior results to substantialgains in terms of boosting the ranking of specific posts in the resulting list of thepost-voting system, and to a grave reduction of the quality of said list.

1.2 Steem consensus algorithmIn a nutshell, Delegated Proof of Stake [8, 36, 41] works as follows: Steem users can sign upas “validator” candidates for one of 21 slots. Each user that owns some STEEM can vote fora validator. The 20 candidates that receive the most votes (weighted by the respective users’STEEM) become validators. The 21st slot is filled with one of the candidates that was notelected, chosen at random with probability proportional to her votes.

A validator is responsible for receiving new transactions and adding them to blocks.Validators take turns in block production. An honest validator attaches her block to thelatest valid block she knows and broadcasts it to the network. We say that a round iscomplete after each validator has had a chance to create a block. Honest nodes accept thelongest known chain as the valid one. Elections for validators happen once each round, thuseach STEEM holder is allowed to change her opinion very often.

The protocol promises that all new transactions are permanently added to the blockchainin a short amount of time, given that at least two thirds of the validators are honest.Unfortunately, we were unable to locate a formal proof of this claim.

Note that our analysis does not focus on DPOS, but on the curation mechanism ofSteemit. The latter is independent of the consensus protocol of Steem.

2 Related Work

User-generated content (UGC) has been identified as a fundamental component of socialmedia platforms and Web 2.0 in general [24]. The content created by users needs to be curated,and crowdsourced content curation [3] has emerged as an alternative to expert-based [38]or algorithmic-based [35] curation techniques. Motivated by the widespread adoption ofcrowdsourced aggregation sites such as Reddit or Digg7, several research efforts [9, 14, 1] haveaimed to model the mechanics and incentives for users in UGC platforms. This surge of interestis accompanied by studies which have shown how social media users behave strategicallywhen they publish and consume content [32]. As an example, in the case of Reddit, users tryto maximize their “karma” [4], the social badge of the social media platform [2].

7 http://digg.com/ Accessed: 2019-01-02

Tokenomics 2019

3:4 A Puff of Steem: Security Analysis of Decentralized Content Curation

Previous works have analyzed content curation from an incentives and game-theoreticstandpoint [14, 9, 21, 32, 1] . Our formalisation is based on these models and inherits featuressuch as the quality distribution of the articles and the users’ attention span [3, 14]. Interms of the analysis of our results, the analysis of our t-convergence metric is similar tothe top-k posts in [3]. We also leverage the rank correlation coefficients Kendall’s Tau [25]and Spearman’s Rho [37] to measure content curation efficiency. Our approach describesthe mechanics of post-voting systems from a computational perspective, something thatdeparts from the approach of all previous works, drawing inspiration from the real-idealworld paradigm of cryptography [17, 30] as employed in our definition of t-convergence.

Post-voting systems constitute a special case of voting mechanisms, as studied withinsocial choice theory, belonging to the subcategory of cardinal voting systems [22]. In thiscontext, it follows from Gibbard’s theorem [15] that no decentralised non-trivial post-votingmechanism can be strategy-proof. This is consistent with our results that demonstratehow selfish behaviour is beneficial to the participants. Our system shares the property ofspanning multiple voting rounds with previous work [23]. Other related literature in socialchoice [31, 6, 44] is centered on political elections and as a result attempts to resolve avariation of the problem with quite different constraints and assumptions. In more detail, inthe case of political elections, voter communication in many rounds is costly while navigatingthe ballot is not subject to any constraints as voters are assumed to have plenty of time toparse all the options available to them. As a result, voters can express their preferences forany candidate, irrespective of the order in which the latter appear on the ballot paper. Onthe other hand, the online and interactive nature of post-voting systems make multi-roundvoting a natural feature to be taken advantage of. At the same time, the fairness requirementsare more lax and it is acceptable (even desirable) for participants to act reactively on theoutcome of each others’ evaluations. On the other hand, in the post-voting case, the “ballot”is only partially available given the high number of posts to be ranked that may very wellexceed the time available to a (human) user to participate in the process. As a result auser will be unable to vote for posts that she has not viewed, for instance, because they areplaced at the bottom of the list. This is captured in our model by introducing the concept of“attention span”.

Content curation is also related to the concept of online governance. The governance ofonline communities such as Wikipedia has been thoroughly studied in previous academicwork [28, 13]. However, the financially incentivized governance processes in blockchainsystems, where the voters are at the same time equity-holders, have still many open researchquestions [5, 12]. This shared ownership property has triggered interest in building socialmedia platforms backed by distributed ledgers, where users are rewarded for generated contentand variants of coin-holder voting are used to decide how these rewards are distributed.

As already mentioned, coin-weighted voting is a viable mechanism to measure the influenceof users in the platform and, by extension, to make the system more resistant to Sybil attacks.Different countermeasures for the Sybil problem in content curation and recommendationsites have been explored in the past [34, 40, 45, 33]. Orthogonal to the coin-weighted votingmodel, these solutions leverage the trust graph of the underlying social network (whichis explicitly created by users) to bound the effect of Sybil votes [34, 40, 45]. [43] claimthat trust graph-based solutions require heavy computation, and propose optimizations forreal-world applications modeling the transitive trust relationships as credit networks. Weacknowledge these mechanisms as complementary to coin-weighted voting and potentiallyimplementable in Steemit. We note that the abstract post-voting system defined in this workcan be particularized to include such trust graph-based solutions.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:5

The effects of explicit financial incentives on the quality of content in Steemit has beenanalyzed in [39]. Beyond the Steemit’s whitepaper [42], a series of blog posts [18, 19]effectively extend the economic analysis of the system. In parallel with Steemit, otherprojects such as Synereo [27] and Akasha8 are exploring the convergence of social media anddecentralized content curation. Beyond blockchain-based social media platforms, coin-holdervoting systems are present in decentralized platforms such as DAOs [7] and in differentblockchain protocols [11, 20]. However, most of these systems use coin-holder voting processesto agree on a value or take a consensual decision.

3 Model

We first introduce some useful notation:We denote an ordered list of elements with A = [e1, . . . , en] and the i-th element of thelist with A [i] = ei.Let n ∈ N∗. [n] denotes {1, 2, . . . , n}.

3.1 Post listI Definition 1 (Post). Let N ∈ N∗. A post is defined as P = (m, l), with m ∈ [N ] , l ∈ [0, 1]N .

Author. The first element of a post is the id of its creator m.Likability. The likability of a post is defined as l ∈ [0, 1]N .

N represents the number of voters (a.k.a. players). A post has a distinct likability in [0, 1]for each player.

I Definition 2 (Ideal Score of a post). Let post P = (m, l). We define the ideal score of P

as idealSc (P ) =|l|∑i=1

li.

The ideal score of a post is a single number that represents its overall worth to the community.By using simple summation, we assume that the opinions of all players have the same weight.

I Definition 3 (Post List). Let M ∈ N∗. A post list P = [P1, . . . , PM ] is an ordered listcontaining posts. It may be the case that two posts are identical.

In the case of many UGC platforms, e.g. Steemit, there exists a feed (commonly named“Trending”) that displays the same ordered posts for all users. In such an ordered list, postsplaced closer to the top are more visible, since users typically consume content from top tobottom. We can thus measure the quality of an ordered list of posts by comparing it with alist that contains the same posts in decreasing order of ideal score.

I Definition 4 (t-Ideal Post Order). Let P a list of posts, t ∈ [M ]. The property Idealt (P)holds if

∀i < j ∈ [t], idealSc (P [i]) ≥ idealSc (P [j]) .

We say that P has a t-ideal rank if Idealt (P) holds and t is the maximum integer less orequal to M with this property.

8 https://akasha.world/ Accessed: 2019-01-02

Tokenomics 2019

3:6 A Puff of Steem: Security Analysis of Decentralized Content Curation

3.2 Post Voting SystemWe now define an abstract post-voting system. Such a system is defined through twoInteractive Turing Machines (ITMs), GFeed and Πhonest. The first controls the list of postsand aggregates votes, whereas one copy of the second ITM is instantiated for each player.GFeed sends the post list to one player at a time, receives her vote and reorders the post listaccordingly. The process is possibly repeated for many rounds.

A measure of the quality of a post-voting system is the t-ideal rank of the post list at theend of the process.

In a more general setting, some of the honest protocol instantiations may be replaced withan arbitrary ITM. A robust post-voting system should still produce a post list of high quality.

I Definition 5 (Post-Voting System). Consider four PPT algorithms Init, Aux, Handle-Vote and Vote. The tuple S consisting of the four algorithms is a Post-Voting System. Sparametrizes the following two ITMs:GFeed is a global functionality that accepts two messages: read, which responds with the

current list of posts and vote, which can take various arguments and does whatever is definedin HandleVote.

Πhonest is a protocol that sends read and vote messages to GFeed whenever it receives(activate) from E.

Algorithm 1 GFeed (Init, Aux, HandleVote) (P, initArgs).

1: Initialization:2: U ← ∅ . Set of players3: Init (initArgs)4:5: Upon receiving (read) from upid:6: U ← U ∪ {upid}7: aux← Aux (upid)8: Send (posts, P, aux) to upid

9:10: Upon receiving (vote, ballot) from upid:11: HandleVote(ballot)

Algorithm 2 Πhonest (Vote).

1: Upon receiving (activate) from E :2: Send (read) to GFeed3: Wait for response (posts, P, aux)4: ballot← Vote (P, aux)5: Send (vote, ballot) to GFeed

Players are activated by an Environment ITM that sends activation messages (Algorithm 2,line 1).

I Definition 6 (Post-Voting System Activation Message). We define actpid as the message(activate,pid), sent to upid.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:7

I Definition 7 (Execution Pattern). Let N,R ∈ N∗, N ≥ 2.

ExecPatN,R ={(

actpid1 , . . . , actpidNR

): ∀i ∈ [R] ,∀k ∈ [N ] ,∃j ∈ [N ] : pid(i−1)N+j = k

},

i.e. activation messages are grouped in R rounds and within each round each player isactivated exactly once. The order of activations is not fixed.

Let Environment E that sends messages msgs =(actpid1 , . . . , actpidn

)sequentially. We

say that E respects ExecPatN,R if msgs ∈ ExecPatN,R. (Note: this implies that n = NR.)

I Definition 8 ((N,R,M, t)-convergence under honesty). We say that a post-voting systemS = (Init,Aux,HandleVote,Vote) (N,R,M, t)-converges under honesty (or t-convergesunder honesty for N players, R rounds andM posts) if, for every input P such that |P| = M ,for every E that respects ExecPatN,R and given that all protocols execute Πhonest, it holds thatafter E completes its execution pattern, GFeed contains a post list P ′ such that Idealt (P ′)is true.

Note that concrete post voting systems may or may not give information such as the totalnumber of rounds R to the players. This is decided in algorithm Aux.

We now give a high-level description of a concrete post voting system, based on theSteemit platform. According to this mechanism, each player is assigned a number of coinsknown as “Steem Power” (SP) that remains constant throughout the execution and anothernumber called “Voting Power” (VP) in [0, 1], initialized to 1. a and b are system-wideconstants that roughly specify how influential a single vote is. A vote is a pair containinga post and a weight w ∈ [0, 1]. Upon receiving a list of posts, the honest player chooses tovote her most liked post amongst the top attSpan posts of the list. The weight w is chosento be equal to the likability of the post. The functionality increases the score of the postby SP (a ·VP · w + b) and subsequently decreases the player’s Voting Power by the sameamount (but keeping it within the aforementioned bounds). Voting Power is replenishedwith time, at a rate defined by the parameter regen. The purpose of Voting Power is to “ratelimit” votes.

I Definition 9 (Steemit system). The Steemit system is the post voting system S withparameters a, b, regen ∈ [0, 1] : a + b < 1,

⌈a+b

regen

⌉> 1, attSpan ∈ N∗,SP ∈ RN+ . The four

parametrizing procedures can be found in Appendix B.

I Remark 10. The constraint a+ b < 1 ensures that a single vote of full weight cast by aplayer with full Voting Power does not completely deplete her Voting Power. The constraint⌈a+b

regen

⌉> 1 excludes the degenerate case in which the regeneration of a single round is

enough to fully replenish the Voting Power in all cases; in this case the purpose of VotingPower would be defeated.

I Remark 11. The Steem blockchain protocol defines a = 0.02, b = 0.0001 and regen =3

5·24·60·60 = 0.00000694̄, thus⌈a+b

regen

⌉= 2895. A post can be voted for 7 days from its creation

and at most one vote can be cast every 3 seconds, thus R = 7·24·60·603 = 201600. We do not

know why these particular parameters were chosen, but we conjecture that a, b and regenensure users can vote often enough without abusing the system, 7 days is the time neededfor the quality of a post to be determined and 3 seconds is the time needed for transactionsto settle in the Steem blockchain.

Tokenomics 2019

3:8 A Puff of Steem: Security Analysis of Decentralized Content Curation

I Remark 12. Note (Algorithm 6, lines 24-40) that an honest player attempts to vote for asmany posts as possible and spreads her votes with the maximum distance between them.The purpose of this is to efficiently utilize the available Voting Power to “make her voiceheard”. Also, efficiently using Voting Power on the Steemit website increases the voter’scuration reward [18].

I Theorem 13.1. If ∃i 6= j ∈ [N ] : SPi 6= SPj (i.e. if not all players have the same Steem Power) then

Steemit does not (N,R,M, 1)-converge.2. If ∀i 6= j ∈ [N ] ,SPi = SPj (i.e. if all players have the same Steem Power) and

a. R− 1 ≥ (M − 1)⌈a+b

regen

⌉then Steemit (N,R,M,M)-converges.

b. R− 1 < (M − 1)⌈a+bregen

⌉then Steemit does not (N,R,M, 1)-converge.

Proof Sketch. When SP is not constant, we build a post list where the most liked post isnot preferred by rich players and thus is not placed at the top. For a constant SP, whenR−1 ≥ (M − 1)

⌈a+b

regen

⌉, there are enough rounds to ensure full regeneration of every player’s

Voting Power between two votes and thus the resulting post list reflects the true preferencesof the players. In the opposite case, we can always craft a post list that exploits the factthat some votes are cast with reduced Voting Power in order to trick the system into placinga wrong post in the top position. J

See Appendix A for proof.

I Corollary 14. The Steemit system parametrised according to Remark 11, for any numberof players N ≥ 2, constant SP and M ≤ 70 posts (N,R,M,M)-converges. If M > 70 or SPis not constant, then there exists a list of posts such that the system does not (N,R,M, 1)-converge.

4 Simulation

The previous outcomes are here complemented with experiments that verify our findings. Wehave implemented a simulation framework that realizes the execution of Steemit’s post-votingsystem as defined above.

In particular, we consider two separate scenarios: First, we simulate the case when allplayers follow the prescribed honest strategy of Steemit, investigating how the curationquality of the system varies with the number of voting rounds. We successfully reproducethe result of Theorem 13, which implies that the system converges perfectly when a sufficientnumber of voting rounds is permitted, but otherwise the resulting list of posts may have a0-ideal rank, i.e. the top post may not have the best ideal score. Moreover, we compareour t-convergence metric with previously used metrics of convergence based on correlationdemonstrating that they are very closely aligned.

The second case measures how resilient is the curation quality of Steemit against dishonestagents. Since a creator is financially rewarded when her content is upvoted, she has incentiveto promote her own posts. A combination of in-band methods (apart from striving to produceposts of higher quality) can help her to that end. Voting for one’s own posts, refrainingfrom voting posts created by others and obtaining Sybil accounts that only vote for herposts are only an indicative subset. We thus examine the quality of the resulting list whencertain users do not follow the honest protocol, but apply the aforementioned self-promotingmethods. We observe that even a single selfish player has a detrimental effect to the t-idealrank of the post voting system. Furthermore, we measure the number of positions on the listthat the selfish post gains with respect to the number of selfish players.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:9

4.1 Methodology

We leverage three metrics to compare the curated list with the ideal list: Kendall’s Tau [25],Spearman’s Rho [37], and t-ideal rank.

In addition to the t-ideal rank and the rank correlation coefficients used in the firstscenario, in the case of dishonest participants we include a metric that measures the gainsof the selfish players. In particular, the metric is defined as the difference between the realposition of the “selfish” post after the execution and its ranking according to the ideal order.We are thus able to measure how advantageous is for users to behave selfishly. Furthermore,t-ideal rank informs us how this behavior affects the overall quality of curation of the platform.

4.2 Execution

In all simulations, the likabilities of all “honest” posts have been drawn from the [0, 1]-uniformdistribution and all players have Steem Power equal to 1; we leave the case of variable SteemPower as future work.

(a) t-ideal rank evolution. (b) Kendall’s Tau and Spearman’s Rho evolution.

Figure 1 270 honest players, 70 posts and 200.000 rounds.

(a) t-ideal rank evolution. (b) Kendall’s Tau and Spearman’s Rho evolution.

Figure 2 300 honest players, 100 posts and 200.000 rounds.

Tokenomics 2019

3:10 A Puff of Steem: Security Analysis of Decentralized Content Curation

(a) Positions gained by selfish post. (b) t-ideal rank.

Figure 3 100 honest players, 100 posts and 0 to 100 selfish players.

4.2.1 Scenario AAs already mentioned, the results closely follow Theorem 13. Figures 1a and 1b showthe t-ideal rank and Kendall’s Tau coefficient respectively when the number of rounds isenough for all votes to be cast with full Voting Power. In particular, the parameters usedare a = 1

50 , b = 10−4, regen = 35·24·60·60 , R = 200000, attSpan = 10, N = 270 and M = 70.

(Observe that R− 1 > (M − 1)⌈a+b

regen

⌉.)

As we can see, all three measures show that the real list converges rapidly to the idealorder at the very end of the execution; meanwhile, the quality of the list improves very slowly.

Figures 2a and 2b depict what happens when the rounds are not sufficient for all votes to becast with full Voting Power. In particular, the corresponding simulation was executed with thesame parameters, except forM = 100 and N = 300. (Observe that R−1 < (M − 1)

⌈a+b

regen

⌉.)

Here we see that at the end of the execution, only the first three posts are correctlyordered. Regarding the rest of the list, both Kendall’s Tau and Spearman’s Rho coefficientsshow that the order of the posts improves only slightly throughout the execution of thesimulation, ending up in a state of bad quality.

4.2.2 Scenario B: Selfish usersIn order to understand how the presence of voting rings/Sybil accounts affects the curationquality, we simulate the execution of the game for various ring sizes, where ring membersvote only for a particular “selfish” post. We fix the rest of the system parameters tohandicap the selfish post. In particular, the voting rounds are sufficient for all votes tobe cast with full Voting Power, the likability of the selfish post is 0 for all players andit is initially placed at the bottom of the post list. Define the gain of the post of theselfish players as its ideal position minus its final position. Figure 3a shows the gain ofthe selfish post for a varying number of selfish players, from 1 to 100. Figure 3b depictsthe t-ideal rank of the resulting list at the same executions. The system parameters areN = 101..200, a = 1

50 , b = 10−4, regen = 35·24·60 , attSpan = 10, R = 5000.

As we can see in Figure 3a, there is a cutoff point around which the selfish players quicklymove from gaining no positions to overtaking all honest posts. The number of selfish playersneeded for this advantage is approximately half of the amount of honest ones. On the otherhand, figure 3b shows that even a single selfish player can almost completely ruin the t-idealrank of the result by only allowing a very small number of the best posts to be placed in thecorrect order.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:11

5 Summary and Future Work

We have defined an abstract post-voting system, along with a particularization inspired by theSteemit platform. We proved the exact conditions on the Steemit system parameters underwhich it successfully curates arbitrary lists of posts. We provided the results of simulationsof the execution of the voting procedure under various conditions. Both cases with onlyhonest and mixed honest and selfish players were simulated. We conclude that the VotingPower mechanism of Steem and the fact that self-voting is a profitable strategy may hurtcuration quality.

We have studied the curation properties of decentralized content curation platforms suchas Steemit, obtaining new insights on the resilience of these systems. Some assumptionshave been made in the presented model. Various relaxations of these assumptions constitutefertile ground for future work. First of all, the selfish strategy can be extended and refinedin various ways. For example, voting rings can be allowed to create more than one posts inorder to increase their rewards. Optimizing the number of posts and the vote allocation inthis case would contribute towards a robust attack against the Steemit platform.

Selfish behavior is considered only in the simulation. Our analysis can be augmentedwith a review of games with selfish players and voting rings.

The addition of the economic factor invites the definition of utility functions and strategicbehavior for the players. Its inclusion would imply the need for an expansion of our theoremsand definitions to the strategic case, along with a full game-theoretic analysis. Furthermore,several possible refinements could be introduced; for example, the process of creating Sybilaccounts could be associated with a monetary cost.

Last but not least, in our model, posts are created only at the beginning of the execution.A dynamic model in which posts can be created at any time and the execution continuesindefinitely (as is the case in a real-world UGC system) is also interesting as a future direction.

References1 Zeinab Abbassi, Nidhi Hegde, and Laurent Massoulié. Distributed content curation on the

Web. ACM Transactions on Internet Technology (TOIT), 14(2-3):9, 2014.2 Ashton Anderson, Daniel Huttenlocher, Jon Kleinberg, and Jure Leskovec. Steering user

behavior with badges. In Proceedings of the 22nd international conference on World WideWeb, pages 95–106. ACM, 2013.

3 Georgios Askalidis and Greg Stoddard. A theoretical analysis of crowdsourced content curation.In The 3rd Workshop on Social Computing and User Generated Content, volume 16, 2013.

4 Kelly Bergstrom. “Don’t feed the troll”: Shutting down debate about community expectationson Reddit. com. First Monday, 16(8), 2011.

5 Vitalik Buterin. Notes on Blockchain Governance. Accessed: 2019-01-02, 2017. URL:https://vitalik.ca/general/2017/12/17/voting.html.

6 Vincent Conitzer and Tuomas Sandholm. Communication complexity of common voting rules.In Proceedings of the 6th ACM conference on Electronic commerce, pages 78–87. ACM, 2005.

7 Philip Daian, Tyler Kell, Ian Miers, and Ari Juels. On-Chain Vote Buying and the Rise ofDark DAOs. Accessed: 2019-01-02, 2018. URL: http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/.

8 dantheman. DPOS Consensus Algorithm - The Missing White Paper.URL: https://steemit.com/dpos/@dantheman/dpos-consensus-algorithm-this-missing-white-paper Accessed: 2019-04-02, 2017.

9 Anish Das Sarma, Atish Das Sarma, Sreenivas Gollapudi, and Rina Panigrahy. Rankingmechanisms in twitter-like forums. In Proceedings of the third ACM international conferenceon Web search and data mining, pages 21–30. ACM, 2010.

Tokenomics 2019

3:12 A Puff of Steem: Security Analysis of Decentralized Content Curation

10 J. R. Douceur. The Sybil Attack. International workshop on Peer-To-Peer Systems, 2002.11 Evan Duffield and Daniel Diaz. Dash: A PrivacyCentric CryptoCurrency. Self-published, 2015.12 Fred Ehrsam. Blockchain Governance: Programming Our Future. https: // www.

medium. com , 2017. Accessed: 2019-01-02. URL: https://www.medium.com/@FEhrsam/blockchain-governance-programming-our-future-c3bfe30f2d74.

13 Andrea Forte and Amy Bruckman. Scaling consensus: Increasing decentralization in Wikipediagovernance. In Hawaii International Conference on System Sciences, Proceedings of the 41stAnnual, pages 157–157. IEEE, 2008.

14 Arpita Ghosh and Preston McAfee. Incentivizing high-quality user-generated content. InProceedings of the 20th international conference on World wide web, pages 137–146. ACM,2011.

15 Allan Gibbard. Manipulation of voting schemes: a general result. Econometrica: journal ofthe Econometric Society, pages 587–601, 1973.

16 Mike Goldin. Token-Curated Registries 1.0. Accessed: 2019-01-02, 2017. URL: https://medium.com/@ilovebagels/token-curated-registries-1-0-61a232f8dac7.

17 Oded Goldreich. The foundations of modern cryptography. In Modern Cryptography, Probabil-istic Proofs and Pseudorandomness, pages 1–37. Springer, 1999.

18 Julián González. Author and Curator rewards in HF19. Accessed: 2019-01-02, 2018. URL:https://steemit.com/steemit/@jga/author-and-curator-rewards-in-hf19.

19 Julián González. Self-voters can achieve an interest of 248% APR!!URL: https://steemit.com/utopian-io/@jga/self-voters-can-achieve-an-interest-of-248-apr. Accessed: 2019-01-02, 2018.

20 LM Goodman. Tezos–a self-amending crypto-ledger White paper.URL: https://www.tezos.com/static/papers/white_paper.pdf, 2014.

21 Mangesh Gupte, MohammadTaghi Hajiaghayi, Lu Han, Liviu Iftode, Pravin Shankar, andRaluca M Ursu. News posting by strategic users in a social network. In International Workshopon Internet and Network Economics, pages 632–639. Springer, 2009.

22 Claude Hillinger. The case for utilitarian voting. Homo Oeconomicus, 22(3), 2005. . Accessed:2019-04-01. URL: https://ssrn.com/abstract=878008.

23 Meir Kalech, Sarit Kraus, Gal A Kaminka, and Claudia V Goldman. Practical voting ruleswith partial information. Autonomous Agents and Multi-Agent Systems, 22(1):151–182, 2011.

24 Andreas M Kaplan and Michael Haenlein. Users of the world, unite! The challenges andopportunities of Social Media. Business horizons, 53(1):59–68, 2010.

25 Maurice G Kendall. Rank Correlation Methods, volume 9, page 68. Hafner Publishing Co., 2edition, 1955. . Accessed: 2019-04-01. doi:10.1111/j.2044-8317.1956.tb00172.x.

26 Aggelos Kiayias, Benjamin Livshits, Andrés Monteoliva Mosteiro, and Orfeas Stefanos Thy-fronitis Litos. A Puff of Steem: Security Analysis of Decentralized Content Curation. arxiv.org,2018.

27 Dor Konforty, Yuval Adam, Daniel Estrada, and Lucius Gregory Meredith. Synereo: TheDecentralized and Distributed Social Network. Self-published, 2015. Accessed: 2019-01-02. URL:https://pdfs.semanticscholar.org/253c/c4744e6b2b87f88e46188fe527982b19542e.pdf.

28 Jure Leskovec, Daniel P Huttenlocher, and Jon M Kleinberg. Governance in social media: Acase study of the wikipedia promotion process. In ICWSM, pages 98–105, 2010.

29 Brian Neil Levine, Clay Shields, and N Boris Margolin. A survey of solutions to the sybilattack. University of Massachusetts Amherst, Amherst, MA, 7:224, 2006.

30 Yehuda Lindell and Jonathan Katz. Introduction to modern cryptography. Chapman andHall/CRC, 2014.

31 Tyler Lu and Craig Boutilier. Robust approximation and incremental elicitation in votingprotocols. In IJCAI, volume 1, pages 287–293, 2011.

32 Avner May, Augustin Chaintreau, Nitish Korula, and Silvio Lattanzi. Filter & follow: Howsocial media foster content curation. In ACM SIGMETRICS Performance Evaluation Review,volume 42, pages 42–55. ACM, 2014.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:13

33 Pasquale De Meo, Katarzyna Musial-Gabrys, Domenico Rosaci, Giuseppe ML Sarne, and LoraAroyo. Using centrality measures to predict helpfulness-based reputation in trust networks.ACM Transactions on Internet Technology (TOIT), 17(1):8, 2017.

34 Arash Molavi Kakhki, Chloe Kliman-Silver, and Alan Mislove. Iolaus: Securing online contentrating systems. In Proceedings of the 22nd international conference on World Wide Web, pages919–930. ACM, 2013.

35 Emilee Rader and Rebecca Gray. Understanding user beliefs about algorithmic curation inthe Facebook news feed. In Proceedings of the 33rd annual ACM conference on human factorsin computing systems, pages 173–182. ACM, 2015.

36 Fabian Schuh. Graphene Documentation. Accessed: 2019-04-02, 2018. URL: https://media.readthedocs.org/pdf/docsbitsharesorg/master/docsbitsharesorg.pdf.

37 Charles Spearman. The proof and measurement of association between two things. TheAmerican journal of psychology, 15(1):72–101, 1904.

38 Katarina Stanoevska-Slabeva, Vittoria Sacco, and Marco Giardina. Content Curation: a newform of gatewatching for social media. In Proceedings of the 12th international symposium ononline journalism, 2012.

39 Mike Thelwall. Can social news websites pay for content and curation? The SteemIt crypto-currency model. Journal of Information Science, page 0165551517748290, 2017.

40 Dinh Nguyen Tran, Bonan Min, Jinyang Li, and Lakshminarayanan Subramanian. Sybil-Resilient Online Content Voting. In NSDI, volume 9, pages 15–28, 2009.

41 Unknown. Steem: An incentivized, blockchain-based, public content platform. Accessed:2019-04-02, 2017. URL: https://steem.com/SteemWhitePaper.pdf.

42 Unknown. Steem Whitepaper. Accessed: 2019-04-02, 2018. URL: https://steem.io/steem-whitepaper.pdf.

43 Bimal Viswanath, Mainack Mondal, Krishna P Gummadi, Alan Mislove, and Ansley Post.Canal: Scaling social network-based Sybil tolerance schemes. In Proceedings of the 7th ACMeuropean conference on Computer Systems, pages 309–322. ACM, 2012.

44 Lirong Xia and Vincent Conitzer. Compilation Complexity of Common Voting Rules. InAAAI, 2010.

45 Haifeng Yu, Chenwei Shi, Michael Kaminsky, Phillip B Gibbons, and Feng Xiao. Dsybil:Optimal sybil-resistance for recommendation systems. In 2009 30th IEEE Symposium onSecurity and Privacy, pages 283–298. IEEE, 2009.

46 Yingwu Zhu. Measurement and analysis of an online content voting network: a case study ofDigg. In Proceedings of the 19th international conference on World wide web, pages 1039–1048.ACM, 2010.

A Proof of Theorem 13: Steem Convergence

Proof.Statement 1: Reorder the players such that SP1 ≥ SP2 ≥ · · · ≥ SPN . Let k =

minj∈[N−1]

{SPj 6= SPj+1}. We first cover the case when attSpan ≥ 2.

Let9

weakPost = (0, . . . , 0︸ ︷︷ ︸k−1

, 1, 0, . . . , 0︸ ︷︷ ︸N−k

)

9 We thank Heng Guo from the University of Edinburgh for this counterexample.

Tokenomics 2019

3:14 A Puff of Steem: Security Analysis of Decentralized Content Curation

strongPost = (0, . . . , 0︸ ︷︷ ︸k−1

,SPk − SPk+1

2SPk, 1, 0, . . . , 0︸ ︷︷ ︸

N−k−1

)

nullPost = (0, . . . , 0︸ ︷︷ ︸N

)P = [weakPost, strongPost,nullPost, . . . ,nullPost︸ ︷︷ ︸M−2

] .

We first note that SPk > SPk+1 ≥ 0 ⇒ 0 ≤ SPk−SPk+12SPk

≤ 1, thus strongPost is a validpost. We then observe that

∀i ∈ {3, . . . ,M} , idealSc (P [i]) = 0 <

< idealSc (P [1]) = 1 < 1 + SPk − SPk+1

2SPk= idealSc (P [2]) ,

thus ∀P ′ that contain the same posts as P and Ideal1 (P ′) holds, it is P ′ [1] = P [2].Since attSpan ≥ 2, all players apart from uk+1 vote for P [1] in the first round and forP [2] in the second, whereas uk+1 votes for P [2] in the first round and for P [1] in thesecond. Thus the two first posts will have been voted by all players by the end of thesecond round and their score will not change until the execution completes. We have:

sc2 (P [1]) = scR (P [1]) =k−1∑j=1

SPjb+ SPk (a+ b) + SPk+1 min{b,VPregk+1,r2

}+

M∑j=k+2

SPjb and

sc2 (P [2]) = scR (P [2]) =k−1∑j=1

SPj min {b,VPregj,r2}+

SPk min {aSPk − SPk+1

2SPkVPregk,r2 + b,VPregk,r2}+ SPk+1 (a+ b) +

M∑j=k+2

SPj min {b,VPregj,r2} ⇒

scR(P [2]) ≤k−1∑j=1

SPjb+ SPk(aSPk − SPk+1

2SPk+ b) + SPk+1 (a+ b) +

M∑j=k+2

SPjb .

In the case that VPregk+1,r2 ≥ b, it is

scR (P [1]) =k−1∑j=1

SPjb+ SPk (a+ b) + SPk+1b+M∑

j=k+2SPjb >

k−1∑j=1

SPjb+ SPk(aSPk − SPk+1

2SPk+ b) + SPk+1 (a+ b) +

M∑j=k+2

SPjb ≥

scR (P [2])⇒ scR (P [1]) > scR (P [2]) ,

thus Ideal1 (P ′) does not hold.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:15

Since uk+1 does not vote in any round between r1 and r2, and r2 ≥ 2, it is VPregk+1,r2 ≥1 − a − b + regen. Thus the case when VPregk+1,r2 < b can happen only when b >

1− a− b+ regen⇔ b > 1−a+regen2 . We now provide a counterexample for the case when

b > 1−a+regen2 .

Once more we order the players in descending Steem Power, like in the previous case.Once again k = min

j∈[N−1]{SPj 6= SPj+1} and we only care for the case when attSpan ≥ 2.

Let 0 < γ < 1 and

weakPost = (0, . . . , 0︸ ︷︷ ︸k−1

, 1, γ2 , 0, . . . , 0︸ ︷︷ ︸N−k−1

)

strongPost = (0, . . . , 0︸ ︷︷ ︸k−1

, γ, 1, 0, . . . , 0︸ ︷︷ ︸N−k−1

)

nullPost = (0, . . . , 0︸ ︷︷ ︸N

)

P = [weakPost, strongPost,nullPost, . . . ,nullPost︸ ︷︷ ︸M−2

] .

We observe that ∀i ∈ {3, . . . ,M} , idealSc (P [i]) = 0 < idealSc (P [1]) = 1 + γ2 < 1 + γ =

idealSc (P [2]), thus ∀P ′ that contain the same posts as P and Ideal1 (P ′) holds, it isP ′ [1] = P [2].Since attSpan ≥ 2, all players apart from uk+1 vote for P [1] in the first round and forP [2] in the second, whereas uk+1 votes for P [2] in the first round and for P [1] in thesecond. Thus the two first posts will have been voted by all players by the end of thesecond round and their score will not change until the execution completes. We have:

sc2 (P [1]) = scR (P [1]) =k−1∑j=1

SPjb+ SPk (a+ b) + SPk+1VPregk+1,r2 +M∑

j=k+2SPjb and

sc2 (P [2]) = scR (P [2]) =k−1∑j=1

SPj min {b,VPregj,r2}+ SPkVPregk,r2 + SPk+1 (a+ b) +

M∑j=k+2

SPj min {b,VPregj,r2} ≤

k−1∑j=1

SPjb+ SPkVPregk,r2 + SPk+1 (a+ b) +M∑

j=k+2SPjb .

We note that VPregk,r2 = VPregk+1,r2 because both uk and uk+1 vote with full VotingPower in the first round. Let VP = VPregk,r2 . We have

SPk (a+ b) + SPk+1VP > SPkVP + SPk+1 (a+ b)⇔SPk (a+ b) + SPk+1VP− SPkVP− SPk+1 (a+ b) > 0⇔(a+ b) (SPk − SPk+1)−VP (SPk − SPk+1) > 0⇔(SPk − SPk+1) (a+ b−VP) > 0

The last expression is true because SPk > SPk+1 and VP < b, thus the first expression istrue as well. We can then deduce that scR (P [1]) > scR (P [2]), thus Ideal1 (P ′) doesnot hold. Please refer to the full version [26] for the case when attSpan = 1.

Tokenomics 2019

3:16 A Puff of Steem: Security Analysis of Decentralized Content Curation

Statement 2a: Suppose that

R− 1 ≥ (M − 1)⌈a+ b

regen

⌉. (1)

Observe that

(1)⇒ R− 1M − 1 ≥

⌈a+ b

regen

⌉rhs⇒

integer

⌊R− 1M − 1

⌋≥⌈a+ b

regen

⌉. (2)

Let pid ∈ [N ]. From (1) we deduce that R ≥M and according to VoteThisRound inAlgorithm 6, upid votes non-null in rounds (r1, . . . , rM ) with ri =

⌊(i− 1) R−1

M−1

⌋+ 1. We

define the following:

k ∈ N, w ∈ R ,

n ∈ Z, p ∈ [0, 1) : (k − 1)w = n+ p ,

m ∈ Z, q ∈ [0, 1) : w = m+ q .

We have

b(k − 1)wc = n , (3)

bkwc ={n+m, p+ q < 1n+m+ 1, p+ q ≥ 1 (impossible if p = 0)

(4)

bwc = m (5)

dwe ={m, p = 0m+ 1, p > 0

(6)

(3), (4), (5), (6), p+ q < 2⇒bkwc ∈ {b(k − 1)wc+ bwc, b(k − 1)wc+ dwe}

(7)

From (7) we deduce that

∀i ∈ [M ] \ {1} , ri ∈ {ri−1 +⌊R− 1M − 1

⌋, ri−1 +

⌈R− 1M − 1

⌉} . (8)

From (2) and (8) we have that ∀i ∈ [M − 1] , ri+1 − ri ≥⌈a+b

regen

⌉. We will now prove by

induction that ∀i ∈ [M ] ,VPpid,ri = 1.

For i = 1,VPpid,1 = 1 (Algorithm 3, line 4).Let VPpid,ri

= 1. Until ri+1, a single non-null vote is cast by upid, which reducesVPpid by at most a+ b (Algorithm 5, line 7) and at least

⌈a+b

regen

⌉regenerations, each

of which replenishes VPpid by regen. Thus

VPpid,ri+1 ≥ min {VPpid,ri− a− b+ regen

⌈a+ b

regen

⌉, 1} ≥ 1 .

But VPpid cannot exceed 1 (line 4), thus VPpid,ri+1 = 1.

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:17

Since the above holds for every pid ∈ [N ], it holds that at the end of the execution, all votes

have been cast with full Voting Power, thus ∀i ∈ [M ] , scR (P [i]) = Nb+ aN∑

pid=1P [i]pid

and the posts in PR are sorted by decreasing score (Algorithm 5, line 20). We observethat

∀i 6= j ∈ [M ] , idealSc (P [i]) > idealSc (P [j])⇒N∑

pid=1P [i]pid >

N∑pid=1

P [j]pid ⇒

Nb+ a

N∑pid=1

P [i]pid > Nb+ a

N∑pid=1

P [j]pid .

Therefore all posts will be ordered according to their ideal scores; put otherwise,IdealScoreM (PR) holds.

Statement 2b: Suppose that

R− 1 < (M − 1)⌈a+ b

regen

⌉. (9)

Several lists of posts will be defined in the rest of the proof. Given that, when all playersare honest, the creator of a post is irrelevant, we omit the creator from the definition ofposts to facilitate the exposition. Thus every post will be defined as a tuple of likabilities.First, we consider the case when

attSpan +R ≤M . (10)

In this case, no player can ever vote for the last post, as we will show now. First of all,(10)⇒ R < M , thus all players cast R votes in total. Let pid ∈ N, i ∈ [R] and vpid,i theindex of the last post that has ever been in upid’s attention span until the end of round i,according to the ordering of P . It is vpid,1 = attSpan and ∀i ∈ [R]\{1} , vpid,i = vpid,i−1+1,since in every round upid votes for a single post and the first unvoted post of the listis added to their attention span. Note that, since this mechanism is the same for allplayers, the same unvoted post is added to all players’ attention span at every round.

Thus ∀pid ∈ N, vpid,R = attSpan +R− 1(10)< M . We deduce that no player has ever the

chance to vote for the last post. The above observation naturally leads us to the followingcounterexample: Let

strongPost = (1, . . . , 1︸ ︷︷ ︸N

),nullPost = (0, . . . , 0︸ ︷︷ ︸N

)

P = [nullPost, . . . ,nullPost︸ ︷︷ ︸M−1

, strongPost]

∀i ∈ [M − 1] , it is idealSc (P [M ]) > idealSc (P [i]), thus ∀P ′ that contain the sameposts as P and Ideal1 (P ′) holds, it is P ′ [1] = P [M ]. However, since the last postis not voted by any player and the first post is voted by at least one player, it isscR (P [1]) > scR (P [M ]), thus Ideal1 (PR) does not hold.We now move on to the case when attSpan +R > M . Let V = min {R,M}. Each playercasts exactly V votes. Consider P1 = 1M×N and pid ∈ [N ]. Let

i ∈ [V ] :(

VPregpid,ri< 1 ∧ @i′ < i : VPregpid,ri′ < 1

),

Tokenomics 2019

3:18 A Puff of Steem: Security Analysis of Decentralized Content Curation

i.e. i is the first round in which upid votes with less than full Voting Power. Such a roundexists in every case as we will show now. Note that, since the first round is a votinground and the Voting Power of all players is full at the beginning, if i exists it is i ≥ 2.

If R ≥M , it is V = M .If @i ∈ [M ] :

(VPregpid,ri

< 1 ∧ @i′ < i : VPregpid,ri′ < 1), then we have that ∀i ∈

[M ] ,VPregpid,ri= 1 ⇒ ∀i ∈ [M ] \ {1} , ri ≥ ri−1 +

⌈a+b

regen

⌉to have enough rounds

to replenish the Voting Power after a full-weight, full-Voting Power vote. ThusrM ≥ 1 + (M − 1)

⌈a+b

regen

⌉> R, contradiction.

If R < M , every player votes on all rounds, thus r2 = 2. Note that⌈a+ b

regen

⌉≥ 2⇒ a+ b

regen > 1⇒ a+ b > regen . (11)

Thus ∀pid ∈ [N ] ,VPregpid,r2 = 1− a− b+ regen(11)< 1, thus i = 2.

We proved that i exists. Since all players follow the same voting pattern, the VotingPower of all players in each round is the same. Let rVP = VPreg1,ri

. Assume thatattSpan < i ∨ i > 2. Please refer to the full version [26] for the case when attSpan ≥i ∧ i = 2. In case N is even, let 0 < γ < 0, 0 < ε < γ (1− rVP),

weakPost = (1, . . . , 1︸ ︷︷ ︸N/2

, γ − ε, . . . , γ − ε︸ ︷︷ ︸N/2

) ,

strongPost = (γ, . . . , γ︸ ︷︷ ︸N/2

, 1, . . . , 1︸ ︷︷ ︸N/2

),nullPost = (0, . . . , 0︸ ︷︷ ︸N

) ,

P = [weakPost, . . . ,weakPost︸ ︷︷ ︸i−1

, strongPost,nullPost, . . . ,nullPost︸ ︷︷ ︸M−i

] .

First of all, it is

∀j ∈ [i− 1] , idealSc (P [j]) = N

2 (1 + γ − ε) <

<N

2 (1 + γ) = idealSc (P [i])

and ∀j ∈ {i+ 1, . . . ,M} , idealSc (P [j]) = 0 < idealSc (P [i]), thus the strong post hasstrictly the highest ideal score of all posts and as a result, ∀P ′ that contains the sameposts as P and Ideal1 (P ′) holds, it is P ′ [1] = P [i].We observe that all players like both weak and strong posts more than null posts, thusno player will vote for a null post unless her attention span contains only null posts. Thiscan happen in two cases: First, if the player has not yet voted for all non-null posts, butthe first attSpan posts of the list, excluding already voted posts, are null posts. Second,if the player has already voted for all non-null posts. For a null post to rank higher thana non-null one, it must be true that there exists one player that has cast the first vote forthe null post. However, since the null posts are initially at the bottom of the list and it isimpossible for a post to improve its ranking before it is voted, we deduce that this firstvote can be cast only after the voter has voted for all non-null posts. We deduce that allplayers vote for all non-null posts before voting for any null post.We will now see that the first N

2 players vote first for all weak posts and then for thestrong post. These players like the weak posts more than the strong post. As we saw,they will not vote any null post before voting for all non-null ones. If attSpan > 1 they

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:19

vote for the strong post only when all other posts in their attention span are null onesand thus they will have voted for all weak posts already. If attSpan = 1 and since nopost can increase its position before being voted, the strong post will become “visible”for all players only once they have voted for all weak posts. Thus in both cases the firstN2 players vote for the strong post only after they have voted for all weak posts first.

The two previous results combined prove that the first N2 players vote for the strong post

in round ri exactly. We also observe that these players have experienced the exact sameVoting Power reduction and regeneration as in the case of P1 since they voted only forposts with likability 1, thus in round ri their Voting Power after regeneration is exactlythe same as in the case of P1 : ∀pid ∈

[N2],VPregpid,ri

= rVP.

We observe that the first N2 players vote for all weak posts with full Voting Power. As for

the last N2 players, we observe that, if attSpan < i, they all vote for the first weak post

of the list in the first round, and thus with full Voting Power. If attSpan ≥ i and i > 2,they vote for the strong post in the first round and for the first weak post in r2 with fullVoting Power. Thus in all cases the last N

2 players vote for the first weak post with fullVoting Power. Therefore, the score of the first weak post at the end of the execution isscR (P [1]) = N

2 (a+ b) + N2 ((γ − ε) a+ b).

On the other hand, at the end of the execution the strong post has been voted by the firstN2 players with rVP Voting Power and by the last N

2 players with at most full VotingPower, thus its final score will be at most scR (P [i]) ≤ N

2 (rVP · γa+ b) + N2 (a+ b). It is

ε < γ (1− rVP)⇒N

2 (rVP · γa+ b) + N

2 (a+ b) < N

2 (a+ b) + N

2 ((γ − ε) a+ b)⇒

scR (P [i]) < scR (P [1]) .

Thus PR [1] 6= P [i] and Ideal1 (PR) does not hold.

As for the case when N is odd, let 0 < ε < γN−3N−1 (1− rVP). In this case, we assume

that the likability of the first i posts (weak and strong) for the additional player is γ,whereas the likability of the last M − i posts (the null posts) is 0. This means that theadditional player votes first for the weak and strong posts and then for the null posts.The rest of the likabilities remain as in the case when N is even. We observe that theideal score of the strong post is still strictly higher than the rest. Furthermore, since theadditional player votes for the first weak post within the first i voting rounds, her VotingPower at the time of this vote will be at least rVP. We thus have the following boundsfor the scores:

scR (P [i]) ≤ N − 12 (rVP · γa+ b) + N − 1

2 (a+ b) + γa+ b ,

scR (P [1]) ≥ N − 12 (a+ b) + N − 1

2 ((γ − ε) a+ b) + rVP · γa+ b .

Given the bounds of ε, it is scR (P [i]) < scR (P [1]), thus Ideal1 (PR) does not hold. J

Tokenomics 2019

3:20 A Puff of Steem: Security Analysis of Decentralized Content Curation

B Steem Post Voting System Procedures

Algorithm 3 Init (attSpan, a, b, regen, R, SP).

1: Store input parameters as constants2: r ← 13: lastVoted← (0, . . . , 0) ∈ (N∗)N

4: VP← (1, . . . , 1) ∈ [0, 1]N

5: scores← (0, . . . , 0) ∈ (R+)M

Algorithm 4 Aux.

1: return (attSpan, a, b, r, regen, R,SP)

Algorithm 5 HandleVote (ballot, upid).

1: if lastVotedpid 6= r then . One vote per player per round2: VPpid,r ← VPpid . For proofs3: VPpid ← max {VPpid + regen, 1}4: VPregpid,r ← VPpid . For proofs5: if ballot 6= null then6: Parse ballot as (P,weight)7: cost← a ·VPpid · weight + b

8: if VPpid − cost ≥ 0 then9: score← cost · SPpid

10: VPpid ← VPpid − cost11: else12: score← VPpid · SPpid13: VPpid ← 014: end if15: scoresP ← scoresP + score16: end if17: lastVotedpid ← r

18: end if19: if ∀i ∈ [N ] , lastVotedi = r then . round over20: P ← Order (P, scores) . order posts by votes21: Pr ← P . For proofs22: r ← r + 123: end if

A. Kiayias, B. Livshits, A. Monteoliva Mosteiro, and O. S. T. Litos 3:21

Algorithm 6 Vote (P, aux).

1: Store aux contents as constants2: voteRounds← VoteRounds (R, |P|)3: if VoteThisRound (r, |P|) = yes then4: top← ChooseTopPosts (attSpan,P, votedPosts)5: (i, l)← argmax

(i,l)∈top{lpid}[1]

6: votedPosts← votedPosts ∪ (i, l)7: return ((i, l) , lpid)8: else9: return null10: end if11:12: function ChooseTopPosts(attSpan,P, votedPosts)13: res← ∅14: idx← 115: while |res| < attSpan & idx ≤ |P| do16: if P [idx] /∈ votedPosts then . One vote per post per player17: res← res ∪ {P [idx]}18: end if19: idx← idx + 120: end while21: return res22: end function23:24: function VoteThisRound(r,M)25: if R < M then26: return yes27: else if r ∈ voteRounds then28: return yes29: else30: return no31: end if32: end function33:34: function VoteRounds(R,M)35: voteRounds← ∅36: for i = 1 to M do37: voteRounds← voteRounds ∪

{1 +

⌊(i− 1) R−1

M−1

⌋}38: end for39: return voteRounds40: end function

Tokenomics 2019